pkcs7.h
/* pkcs7.h
 *
 * Copyright (C) 2006-2014 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */

/*
 * PKCS#7 declarations: content-type identifiers, size limits, the PKCS7
 * context structure and the encode/decode/verify entry points.
 * Everything below is compiled only when HAVE_PKCS7 is defined.
 */

#ifdef HAVE_PKCS7

#ifndef CTAO_CRYPT_PKCS7_H
#define CTAO_CRYPT_PKCS7_H

#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/asn.h>
#include <cyassl/ctaocrypt/asn_public.h>
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/des3.h>

#ifdef __cplusplus
    extern "C" {
#endif

/*
 * PKCS#7 content types, ref RFC 2315 (Section 14).
 * The dotted OID of each type is given beside its constant; the numeric
 * values are presumably the "OID sum" stored in PKCS7.contentOID
 * (confirm against the ASN.1 code).
 */
enum PKCS7_TYPES {
    PKCS7_MSG                 = 650,   /* 1.2.840.113549.1.7   */
    DATA                      = 651,   /* 1.2.840.113549.1.7.1 */
    SIGNED_DATA               = 652,   /* 1.2.840.113549.1.7.2 */
    ENVELOPED_DATA            = 653,   /* 1.2.840.113549.1.7.3 */
    SIGNED_AND_ENVELOPED_DATA = 654,   /* 1.2.840.113549.1.7.4 */
    DIGESTED_DATA             = 655,   /* 1.2.840.113549.1.7.5 */
    ENCRYPTED_DATA            = 656    /* 1.2.840.113549.1.7.6 */
};

/* Size limits used by the PKCS#7 code. */
enum Pkcs7_Misc {
    PKCS7_NONCE_SZ       = 16,

    /* Largest encrypted content key: 512 bytes, i.e. RSA up to 4096 bits. */
    MAX_ENCRYPTED_KEY_SZ = 512,

    /* Sized for 3DES, the strongest content cipher available here.
     * NOTE(review): 3DES is a 64-bit-block legacy cipher; this constant
     * has to grow if a larger-key cipher is ever added. */
    MAX_CONTENT_KEY_LEN  = DES3_KEYLEN,

    /* Upper bound for one encoded recipient entry, built from the
     * per-field maxima summed below. */
    MAX_RECIP_SZ         = MAX_VERSION_SZ +
                           MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
                           MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
};


/*
 * An attribute as an OID buffer and a value buffer, each with its length.
 * Who owns the two buffers is not stated in this header.
 */
typedef struct PKCS7Attrib {
    byte*  oid;
    word32 oidSz;
    byte*  value;
    word32 valueSz;
} PKCS7Attrib;


/*
 * PKCS#7 context shared by the encode, decode and verify calls.
 *
 * Fields marked "not owner" are borrowed: the structure only stores the
 * caller's pointer, so the caller must keep those buffers valid while the
 * context is in use and remains responsible for releasing them (and, for
 * privateKey, for wiping the key material afterwards).
 */
typedef struct PKCS7 {
    /* --- content ------------------------------------------------------ */
    byte*  content;                 /* inner content, not owner           */
    word32 contentSz;               /* content size                       */
    int    contentOID;              /* PKCS#7 content type OID sum        */

    /* --- algorithms and randomness ------------------------------------ */
    RNG*   rng;                     /* ownership not stated in this header */

    int    hashOID;                 /* presumably the digest algorithm OID
                                     * sum -- confirm                     */
    int    encryptOID;              /* key encryption algorithm OID       */

    /* --- recipient / signer certificate ------------------------------- */
    byte*  singleCert;              /* recipient cert, DER, not owner     */
    word32 singleCertSz;            /* size of recipient cert buffer, bytes */
    byte   issuerHash[SHA_SIZE];    /* original comment: "hash of all alt
                                     * Names".  NOTE(review): the field name
                                     * suggests an issuer hash -- confirm
                                     * which one the implementation stores */
    byte*  issuer;                  /* issuer name of singleCert          */
    word32 issuerSz;                /* length of issuer name              */
    byte   issuerSn[MAX_SN_SZ];     /* singleCert's serial number         */
    word32 issuerSnSz;              /* length of serial number            */

    /* --- keys ---------------------------------------------------------- */
    byte   publicKey[512];          /* NOTE(review): fixed-size buffer; the
                                     * code that fills it must reject keys
                                     * larger than sizeof(publicKey) --
                                     * confirm in the implementation      */
    word32 publicKeySz;             /* bytes of publicKey in use          */
    byte*  privateKey;              /* private key, DER, not owner        */
    word32 privateKeySz;            /* size of private key buffer, bytes  */

    /* --- signed attributes --------------------------------------------- */
    PKCS7Attrib* signedAttribs;
    word32       signedAttribsSz;   /* presumably the number of entries in
                                     * signedAttribs -- confirm           */
} PKCS7;


/*
 * Helpers tagged CYASSL_LOCAL; the macro is defined outside this header
 * (presumably library-internal visibility).  The meaning of the int return
 * values is not visible here.
 */
CYASSL_LOCAL int SetContentType(int pkcs7TypeOID,
                                byte* output);

CYASSL_LOCAL int GetContentType(const byte* input,
                                word32* inOutIdx,
                                word32* oid,
                                word32 maxIdx);

CYASSL_LOCAL int CreateRecipientInfo(const byte* cert,
                                     word32 certSz,
                                     int keyEncAlgo,
                                     int blockKeySz,
                                     RNG* rng,
                                     byte* contentKeyPlain,
                                     byte* contentKeyEnc,
                                     int* keyEncSz,
                                     byte* out,
                                     word32 outSz);

/*
 * Entry points tagged CYASSL_API.
 *
 * Every buffer is passed with its size.  For the two calls that take
 * pkiMsg, that buffer is a received message, so pkiMsgSz must never
 * exceed the memory actually behind it; likewise outputSz must be the
 * real capacity of output.  The return-value convention is not visible
 * in this header.
 */
CYASSL_API int  PKCS7_InitWithCert(PKCS7* pkcs7,
                                   byte* cert,
                                   word32 certSz);

CYASSL_API void PKCS7_Free(PKCS7* pkcs7);

CYASSL_API int  PKCS7_EncodeData(PKCS7* pkcs7,
                                 byte* output,
                                 word32 outputSz);

CYASSL_API int  PKCS7_EncodeSignedData(PKCS7* pkcs7,
                                       byte* output,
                                       word32 outputSz);

CYASSL_API int  PKCS7_VerifySignedData(PKCS7* pkcs7,
                                       byte* pkiMsg,
                                       word32 pkiMsgSz);

CYASSL_API int  PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
                                          byte* output,
                                          word32 outputSz);

CYASSL_API int  PKCS7_DecodeEnvelopedData(PKCS7* pkcs7,
                                          byte* pkiMsg,
                                          word32 pkiMsgSz,
                                          byte* output,
                                          word32 outputSz);

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* CTAO_CRYPT_PKCS7_H */

#endif /* HAVE_PKCS7 */